Welcome to the Oracle APEX Foundations course. Today in this lesson on implementing security in your application, I will be talking about security and authentication. My name is Apoorva, and I am a senior product manager for Oracle APEX. Let's get started. In this lesson you learn how to secure your APEX application, you gain an understanding of authentication, and learn about the different schemes of authentication available in Oracle APEX. Finally, you learn how to create an authentication scheme. Once you create an application, you generally need to ensure that only authorized users can access the application, unless it is a public application. That is, you want to implement security in your application. To ensure developers build a secure application, APEX provides two different mechanisms: authentication and authorization. The primary thing in building a secure web application is to understand who the accessing user is.

You use a login page with username and password as an entry to an application. The user is allowed access to the application only if the login succeeds. Confirming a user's identity before allowing access to the application is known as authentication. After successfully logging into the application, the next question is, what is that the logged in user is allowed to do? Can the user get access to a page or a page component? Authorization covers this aspect of implementing security in an application. Authorization refers to restricting access to specific pages and components based on user privileges. As you create your application, you must determine whether to include authentication. In APEX, you can create authentication by one of the following schemes: Selecting a built-in authentication scheme. Create an authentication method based on available pre-configured authentication schemes.

Creating a custom authentication scheme, where you create a custom authentication method to have complete control over the authentication interface. To implement this approach, you must provide a PL/SQL function that APEX engine executes before processing each page request. This functions Boolean return value determines whether the APEX engine processes the page normally or displays a failure page. Choosing to not require authentication. If you choose not to use authentication, Oracle APEX does not check any user credentials. All pages of your application accessible to all users. When you create a new authentication scheme, you have several options. Most let you reuse implementations that already exist in your application or in other applications within your workspace. There are even some pre-tested schemes you can copy to get you up and running immediately.

The following preconfigured schemes ship with Oracle APEX. Oracle APEX Accounts. APEX account credentials are internal user accounts, also known as cookie user accounts, that are created within and managed in the APEX user repository. When you use this method, your application is authenticated against these user accounts. Custom authentication. This enables you to create a custom authentication scheme from scratch, giving you complete control  over your authentication interface. Database accounts. This authentication scheme requires that a database user or schema exists in local database. When using this method, the username and password of the database account is used to authenticate the user. HTTP header variable. Authenticate externally, where the username is stored in an HTTP header variable set by the server. Open Door Credentials. This enables anyone to access your application using a login page that captures a username. No Authentication using DAD adopts the current database user.

This can be used in combination with a MOD PLSQL database access descriptor configuration that uses basic authentication to set the database session user; LDAP Directory. Authentication of user or password with an authentication request to an LDAP server. Oracle Application Server Single Sign-on. This delegates authentication to the Oracle AS Single Sign-On server. To use this authentication scheme, your site must have been registered as a partner application with their SSO server. SAML Sign-In. This delegates authentication to the Security Assertion Markup Language, SAML sign-in authentication scheme. Social Sign-In. Supports authentication with Google, Facebook, and other social networks that support OpenID Connect or OAuth 2.0. standards. Note that; social sign-in authentication is primarily useful for the following use cases: You are application is Internet facing and you expect an unknown number of users from social networks to use your application.

Or, your company has standardized on one of these providers: Oracle Identity Cloud Service, and internal OpenID Connect, or OAuth 2.0. system for authentication. Now, let us see how to create an authentication scheme based on a preconfigured scheme. First, navigate your Application home page and click 'Share Components.' Under Security, select 'Authentication Schemes.' Notice that the application is currently using the Oracle APEX Accounts' authentication scheme. Click 'Create' to create a new authentication scheme. Select the 'based on a pre-configured scheme from gallery radio' button, and click 'Next.' Specify a name for your authentication scheme, then select a scheme of your choice from the Scheme Type list. Click 'Create Authentication Scheme.' Notice that the new authentication scheme is activated as the current authentication scheme. In this module, you learned how to secure your application. You also learned the different authentication schemes available in Oracle APEX. Finally, you learned how to create an authentication scheme. I hope you learned something useful. Thank you for watching.